From 731f07817b4835a8f2f7e983fb5d3d2321fa740f Mon Sep 17 00:00:00 2001 From: "theo@manjaro" Date: Wed, 13 Jul 2022 11:03:16 +0200 Subject: [PATCH] Redact domain passwords in logs --- src/domain.py | 6 ++++++ src/dyndns.py | 2 ++ 2 files changed, 8 insertions(+) diff --git a/src/domain.py b/src/domain.py index b7ab302b8..a107c7635 100644 --- a/src/domain.py +++ b/src/domain.py @@ -158,6 +158,9 @@ def domain_add(operation_logger, domain, subscribe=None, no_subscribe=False): from yunohost.utils.ldap import _get_ldap_interface from yunohost.certificate import _certificate_install_selfsigned + if subscribe!=0 and subscribe!=None: + operation_logger.data_to_redact.append(subscribe) + if domain.startswith("xmpp-upload."): raise YunohostValidationError("domain_cannot_add_xmpp_upload") @@ -258,6 +261,9 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False, unsu from yunohost.hook import hook_callback from yunohost.app import app_ssowatconf, app_info, app_remove from yunohost.utils.ldap import _get_ldap_interface + + if unsubscribe!=0 and unsubscribe!=None: + operation_logger.data_to_redact.append(unsubscribe) # the 'force' here is related to the exception happening in domain_add ... # we don't want to check the domain exists because the ldap add may have diff --git a/src/dyndns.py b/src/dyndns.py index 070090d7f..0baa1d428 100644 --- a/src/dyndns.py +++ b/src/dyndns.py @@ -95,6 +95,7 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None): password = Moulinette.prompt( m18n.n("ask_password"), is_password=True, confirm=True ) + operation_logger.data_to_redact.append(password) assert_password_is_strong_enough("admin", password) if _guess_current_dyndns_domain() != (None, None): @@ -207,6 +208,7 @@ def dyndns_unsubscribe(operation_logger, domain, password=None): password = Moulinette.prompt( m18n.n("ask_password"), is_password=True ) + operation_logger.data_to_redact.append(password) assert_password_is_strong_enough("admin", password) operation_logger.start()